On /r/programming, Daneel_Trevize and I found a very weird SSL certificate that seems to cover all of the following:
a.ssl.fastly.net, *.a.ssl.fastly.net, fast.wistia.com, purge.fastly.net, mirrors.fastly.net, *.parsecdn.com, *.fastssl.net, voxer.com, www.voxer.com, *.firebase.com, sites.yammer.com, sites.staging.yammer.com, *.skimlinks.com, *.skimresources.com, cdn.thinglink.me, *.fitbit.com, *.hosts.fastly.net, control.fastly.net, *.wikia-inc.com, *.perfectaudience.com, *.wikia.com, f.cloud.github.com, *.digitalscirocco.net, *.etsy.com, *.etsystatic.com, *.addthis.com, *.addthiscdn.com, fast.wistia.net, raw.github.com, www.userfox.com, *.assets-yammer.com, *.staging.assets-yammer.com, assets.huggies-cdn.net, orbit.shazamid.com, about.jstor.org, *.global.ssl.fastly.net, web.voxer.com, pypi.python.org, *.12wbt.com, www.holderdeord.no, secured.indn.infolinks.com, play.vidyard.com, play-staging.vidyard.com, secure.img.wfrcdn.com, secure.img.josscdn.com, *.gocardless.com, widgets.pinterest.com, *.7digital.com, *.7static.com, p.datadoghq.com, new.mulberry.com, www.safariflow.com, cdn.contentful.com, tools.fastly.net, *.huevosbuenos.com, *.goodeggs.com, *.fastly.picmonkey.com, *.cdn.whipplehill.net, *.whipplehill.net, cdn.media34.whipplehill.net, cdn.media56.whipplehill.net, cdn.media78.whipplehill.net, cdn.media910.whipplehill.net, *.modcloth.com, *.disquscdn.com, *.jstor.org, *.dreamhost.com, www.flinto.com, *.chartbeat.com, *.hipmunk.com, content.beaverbrooks.co.uk, secure.common.csnstores.com, www.joinos.com, staging-mobile-collector.newrelic.com, *.modcloth.net, *.foursquare.com, *.shazam.com, *.4sqi.net, *.metacpan.org, *.fastly.com, wikia.com, fastly.com, *.gadventures.com, www.gadventures.com.au, www.gadventures.co.uk, kredo.com, cdn-tags.brainient.com, my.billspringapp.com, rvm.io
From what I can tell, the certificate exists because DigiCert authorized the Fastly CDN to represent itself as all of the above sites. Oddly enough, the certificate was found on https://www.cnn.com/ even though CNN is not on the above list.
I can't figure out how to link directly to the certificate, but it's currently available from https://www.cnn.com. Its serial number is 06:28:1D:36:75:B4:1F:CC:B3:FF:18:FA:EC:F8:FD:DF and its SHA1 fingerprint is 98:97:03:4D:AD:78:62:48:5A:8E:24:67:ED:E8:38:21:3E:E2:4F:47.
Are we reading this correctly? If so, is it safe for these sites to share a certificate like that?